From 7585f1e8de1acb652f97afc3ee112337a37659a5 Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Fri, 12 Aug 2022 22:55:32 +0200 Subject: liveinit: LUKS volumes need to be mounted before we write to the overlay --- liveinit.tpl | 72 ++++++++++++++++++++++++++++++------------------------------ 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/liveinit.tpl b/liveinit.tpl index cd72656..d6bc6d9 100644 --- a/liveinit.tpl +++ b/liveinit.tpl @@ -1230,6 +1230,42 @@ if [ "$RESCUE" = "" ]; then done fi + if [ ! -z "$LUKSVOL" ]; then + # Bind any LUKS container into the Live filesystem: + for luksvol in $(echo $LUKSVOL |tr ',' ' '); do + luksfil="$(echo $luksvol |cut -d: -f1)" + luksmnt="$(echo $luksvol |cut -d: -f2)" + luksnam="$(echo $(basename $luksfil) |tr '.' '_')" + if [ "$luksmnt" = "$luksfil" ]; then + # No optional mount point specified, so we use the default: /home/ + luksmnt="/home" + fi + + # Find a free loop device: + lodev=$(find_loop) + + losetup $lodev ${CPATHINTERNAL}/$luksfil + echo "Unlocking LUKS encrypted container '$luksfil' at mount point '$luksmnt'" + cryptsetup luksOpen $lodev $luksnam /dev/tty0 2>&1 + if [ $? -ne 0 ]; then + echo "${MARKER}: Failed to unlock LUKS container '$luksfil'... trouble ahead." + else + # Create the mount directory if it does not exist (unlikely): + mkdir -p /mnt/overlay/$luksmnt + + # Let Slackware mount the unlocked container: + luksfs=$(blkid /dev/mapper/$luksnam |rev |cut -d'"' -f2 |rev) + if ! grep -q /dev/mapper/$luksnam /mnt/overlay/etc/fstab ; then + echo "/dev/mapper/$luksnam $luksmnt $luksfs defaults 1 1" >> /mnt/overlay/etc/fstab + fi + # On shutdown, ensure that the container gets locked again: + if ! grep -q "$luksnam $luksmnt" /mnt/overlay/etc/crypttab ; then + echo "$luksnam $luksmnt" >> /mnt/overlay/etc/crypttab + fi + fi + done + fi + if [ ! -z "$KEYMAP" ]; then # Configure custom keyboard mapping in console and X: echo "${MARKER}: Switching live console to '$KEYMAP' keyboard" 
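Review bot: The unlock path in the added block fails open: the results of `find_loop` and `losetup` are never checked, and when `cryptsetup luksOpen` fails the script prints "trouble ahead", leaves the loop device attached and carries on, so data meant for the container (default `/home`) would presumably land on the unencrypted overlay. I would skip the iteration when no loop device can be attached and run `losetup -d "$lodev"` in the failure branch, as sketched below. Quoting `$lodev` and the container path also stops an empty `find_loop` result from shifting the arguments of `losetup`. Separately, the block now runs before the `cp -af .../rootcopy/* /mnt/overlay/` step visible in the second hunk, so a rootcopy that ships `etc/fstab` or `etc/crypttab` would overwrite the entries appended here; that ordering deserves a comment or a re-check after the copy. The container path also changes from `/mnt/media/` to `${CPATHINTERNAL}`, which is defined outside this hunk and is not mentioned in the commit subject.

```shell
      # Find a free loop device:
      lodev=$(find_loop)
      if [ -z "$lodev" ] || ! losetup "$lodev" "${CPATHINTERNAL}/$luksfil" ; then
        echo "${MARKER}: Cannot attach LUKS container '$luksfil' to a loop device."
        continue
      fi
      # … unchanged: "Unlocking LUKS encrypted container" message and cryptsetup luksOpen call …
      if [ $? -ne 0 ]; then
        echo "${MARKER}: Failed to unlock LUKS container '$luksfil'... trouble ahead."
        # Release the loop device so it does not stay bound to the still-locked container:
        losetup -d "$lodev"
      else
      # … unchanged: mkdir of the mount point, fstab and crypttab updates …
```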
@@ -1582,42 +1618,6 @@ EOT # Copy contents of rootcopy directory (may be empty) to overlay: cp -af /mnt/media/${LIVEMAIN}/rootcopy/* /mnt/overlay/ 2>/dev/null - # Bind any LUKS container into the Live filesystem: - if [ ! -z "$LUKSVOL" ]; then - for luksvol in $(echo $LUKSVOL |tr ',' ' '); do - luksfil="$(echo $luksvol |cut -d: -f1)" - luksmnt="$(echo $luksvol |cut -d: -f2)" - luksnam="$(echo $(basename $luksfil) |tr '.' '_')" - if [ "$luksmnt" = "$luksfil" ]; then - # No optional mount point specified, so we use the default: /home/ - luksmnt="/home" - fi - - # Find a free loop device: - lodev=$(find_loop) - - losetup $lodev /mnt/media/$luksfil - echo "Unlocking LUKS encrypted container '$luksfil' at mount point '$luksmnt'" - cryptsetup luksOpen $lodev $luksnam /dev/tty0 2>&1 - if [ $? -ne 0 ]; then - echo "${MARKER}: Failed to unlock LUKS container '$luksfil'... trouble ahead." - else - # Create the mount directory if it does not exist (unlikely): - mkdir -p /mnt/overlay/$luksmnt - - # Let Slackware mount the unlocked container: - luksfs=$(blkid /dev/mapper/$luksnam |rev |cut -d'"' -f2 |rev) - if ! grep -q /dev/mapper/$luksnam /mnt/overlay/etc/fstab ; then - echo "/dev/mapper/$luksnam $luksmnt $luksfs defaults 1 1" >> /mnt/overlay/etc/fstab - fi - # On shutdown, ensure that the container gets locked again: - if ! grep -q "$luksnam $luksmnt" /mnt/overlay/etc/crypttab ; then - echo "$luksnam $luksmnt" >> /mnt/overlay/etc/crypttab - fi - fi - done - fi - [ $DEBUG -gt 3 ] && rescue "DEBUG SHELL" # --------------------------------------------------------------------- # -- cgit v1.2.3